Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
413
Views
0
Helpful
1
Replies

Encryption AAA

Go to solution
marcusbrutus
Level 1
Level 1

‎07-15-2010 03:31 AM - edited ‎03-10-2019 05:15 PM

Hi,

Just wisht to ask what is the default encryption used by ASA when exchanging username/password with a radius server (Windows server).  And is there a way to change the encryption (3des to aes-128)?

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Panos Kampanakis
Cisco Employee
Cisco Employee

‎07-15-2010 05:40 AM

RADIUS as a protocol uses an MD5 based "hiding" mechanism to encrypt the password attributes. It is a well known issue with that communication.

To make sure that traffic is encrypted I believe the best thing to do is to establish a IPSec tunnel between the server and the authenticating devices.

I hope it helps.

PK

.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Panos Kampanakis
Cisco Employee
Cisco Employee

‎07-15-2010 05:40 AM

RADIUS as a protocol uses an MD5 based "hiding" mechanism to encrypt the password attributes. It is a well known issue with that communication.

To make sure that traffic is encrypted I believe the best thing to do is to establish a IPSec tunnel between the server and the authenticating devices.

I hope it helps.

PK

.

0 Helpful
Customers Also Viewed These Support Documents